Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1084773rwb;
        Wed, 16 Nov 2022 11:49:24 -0800 (PST)
X-Google-Smtp-Source: AA0mqf5GH68fn0k0/V8a+jughZ0OB3g7+TlEcVwmYDlRd7Wi5IdJ/jtIjZ8F4ESFzCQG75cHgKT4
X-Received: by 2002:a17:90a:3f89:b0:217:90e0:3f8c with SMTP id m9-20020a17090a3f8900b0021790e03f8cmr5227257pjc.192.1668628164085;
        Wed, 16 Nov 2022 11:49:24 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668628164; cv=none;
        d=google.com; s=arc-20160816;
        b=KdcnmLdMJ9sp0NcxhrEQVo/ISWFR4MjWzJ+5O0P5wfBNRAumwVrqGKnBiv0uCa3BLw
         jzeJjU7dfEioG64ie4w7vYdQestm6OR9cZzZ+pDw0rCpTcT9nWYxuB2cMvWnKppIAq/d
         Iz7T0jfMCTo+4rrkj2yP3Ljbqb30YrJ0eXKGG9ktQhSsdxhiOvVmqvJ6WYuzbzW4VbNY
         P18ygoz08ztwb2ZmNUKin+G4uhuCsHEA5hfX2YMMQ/4sje4fl0fr4hkqO6BhPWufVDZu
         hfPYfcRKqDy5SSICok/dHFyd2VEBD5ZNqNZSFiacp90oSdHvIfi4MccMhkfkjKQwDwRB
         3x3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature:dkim-signature;
        bh=aYkevZPPey9BdjMs0ZuT+xbpEjqPS3hOe+/G7hJhA64=;
        b=raVGy4BpTVDzjqXT1ZW7dJFGyfTTcm3+PhyTYTIsiM6lALqzanAMjyBgcVhiHAvrZP
         goClnGm7mmybW00uAk8o5O5wdBvgIlC4fVI+DhfOmcd62TD9SQQJn7FJBKzeMWfJDyyR
         hcEz6l5OpGFGcYX81kHBGtyah0cOoYlXjtPB4LA2ObqPUvBAfZbStrbhG0Z7hc9H9j3d
         nW7F8LuiKP8SuTz1+0uOzhu9Soq9viypDGl0TcmBT0HPsWrG+JYbmMqWxLqZ5sgVVHu8
         sODjM+2feizz+jH2reVBQp1Bb+URuOjXjePf0T7s2lNPNveGhb43OAgvk3b4or35frN9
         6+Dg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=V3cGyN4K;
       dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=Nh3qVTLa;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id x23-20020a634a17000000b00453d2790c49si16374462pga.11.2022.11.16.11.49.05;
        Wed, 16 Nov 2022 11:49:24 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=V3cGyN4K;
       dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=Nh3qVTLa;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231565AbiKPTmR (ORCPT <rfc822;logchen2009@gmail.com>
        + 99 others); Wed, 16 Nov 2022 14:42:17 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51470 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229617AbiKPTmP (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 16 Nov 2022 14:42:15 -0500
Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [IPv6:2607:fcd0:100:8a00::2])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5CB1183B8;
        Wed, 16 Nov 2022 11:42:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
        d=hansenpartnership.com; s=20151216; t=1668627734;
        bh=Zbt4bXsEqR2aVAoTn7u+yGScVtBmIodkQzBGeRdnpVM=;
        h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From;
        b=V3cGyN4K0AiD6bOxqkjUqJNUhK1L8GMZGyqs4PCMK0Mj4snSszY06U8CT75PluqEf
         0O+pGiv4D8Es4UlEPxrm1UijaaRZMR6mYwAgL/HqY5YIsyZheuusZUvGeTB45JACqV
         0y4JG8rVBJQNtpiSRqtrkVToqzwG5aAJNFOy5pBc=
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id 2D5421285D4F;
        Wed, 16 Nov 2022 14:42:14 -0500 (EST)
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id JDKSsTIXis9k; Wed, 16 Nov 2022 14:42:14 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
        d=hansenpartnership.com; s=20151216; t=1668627733;
        bh=Zbt4bXsEqR2aVAoTn7u+yGScVtBmIodkQzBGeRdnpVM=;
        h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From;
        b=Nh3qVTLayYjtlgQk09cclwsItcUBhWDU0GPrd8VvtmiKN5JtGhB61zB93RSkxa10Q
         Iq7A/cXM7FNwb+mQDe60Uqw6RLbVSQh0dWfqEnv/OvggoeQ4OP6sfJwP1OVToOL/S+
         7/p1xC533cLxyAgwLElMLeVqz76CXNPIUZk3qcoI=
Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4302:c21::a774])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256)
        (Client did not present a certificate)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 73ADD12813D0;
        Wed, 16 Nov 2022 14:42:13 -0500 (EST)
Message-ID: <7837b12a39b1d6721387ca95554c79003bd16c4e.camel@HansenPartnership.com>
Subject: Re: [PATCH RFC v1 5/6] efi: efivarfs: prohibit reading random seed
 variables
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Ard Biesheuvel <ardb@kernel.org>,
        "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc:     linux-efi@vger.kernel.org, linux-crypto@vger.kernel.org,
        Lennart Poettering <lennart@poettering.net>
Date:   Wed, 16 Nov 2022 14:42:11 -0500
In-Reply-To: <CAMj1kXHZ60DCz6zgOqfQ-jBEuhc3XwvhieNbJUCY40hdEWt9CQ@mail.gmail.com>
References: <20221116161642.1670235-1-Jason@zx2c4.com>
         <20221116161642.1670235-6-Jason@zx2c4.com>
         <CAMj1kXHZ60DCz6zgOqfQ-jBEuhc3XwvhieNbJUCY40hdEWt9CQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.4 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, 2022-11-16 at 18:04 +0100, Ard Biesheuvel wrote:
> On Wed, 16 Nov 2022 at 17:17, Jason A. Donenfeld <Jason@zx2c4.com>
> wrote:
> > 
> > Variables in the random seed GUID must remain secret, so deny all
> > reads
> > to them.
> > 
> > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> > ---
> >  fs/efivarfs/file.c | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> > diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c
> > index d57ee15874f9..08996ba3a373 100644
> > --- a/fs/efivarfs/file.c
> > +++ b/fs/efivarfs/file.c
> > @@ -76,6 +76,9 @@ static ssize_t efivarfs_file_read(struct file
> > *file, char __user *userbuf,
> >         while (!__ratelimit(&file->f_cred->user->ratelimit))
> >                 msleep(50);
> > 
> > +       if (guid_equal(&var->var.VendorGuid,
> > &LINUX_EFI_RANDOM_SEED_TABLE_GUID))
> > +               return -EPERM;
> > +
> >         err = efivar_entry_size(var, &datasize);
> > 
> >         /*
> 
> I'd prefer it if we could just disregard them entirely, i.e., never
> enumerate them so that they don't appear in the file system.

It would be nice if they could be boot services only ... then they
disappear naturally, but that would mean the rng would have to
initialize and save in the EFI stub before ExitBootServices, which
doesn't seem practical.

James